CVE-2023-29480Cleartext Storage of Sensitive Info in RNP

CWE-312Cleartext Storage of Sensitive Info4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 85.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ribose RNPDebian RNP
Timeline
PublishedApr 24

Description

Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDribose/rnp< 0.16.3
Debianribose/rnp< 0.16.3-1+2
debiandebian/rnp< rnp 0.16.3-1 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-vrmf-9x5h-2hr7: Ribose RNP before 02023-04-24
OSV
CVE-2023-29480: Ribose RNP before 02023-04-24

📋Vendor Advisories

1
Debian
CVE-2023-29480: rnp - Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.2023